😈 [ BlWasp_, BlackWasp ]
PAPAPA NEW PR!
My first PR on CrackMapExec: I have implemented the read and backup functions of the https://t.co/HQleAKcVrm Impacket script in an LDAP module for #CME with some improvements.
For the moment, the write functions are not possible.
https://t.co/NCdsjlsStA
🔗 https://github.com/Porchetta-Industries/CrackMapExec/pull/610
🐥 [ tweet ]
😈 [ HuskyHacksMK, Matt | HuskyHacks ]
🔬A new section has been added to PMAT and it's available for everyone!
I've added a new sample to teach simple x86 binary patching methodology.
📚Lesson: https://t.co/cIuqUKd4Fw
🦠Lab Repo: https://t.co/apbskSMBkY
🔗 https://notes.huskyhacks.dev/notes/on-patching-binaries
🔗 https://github.com/HuskyHacks/PMAT-labs/tree/main/labs/2-4.BinaryPatching/SimplePatchMe
🐥 [ tweet ]
😈 [ httpyxel, yxel ]
DeathSleep: A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementing page protection changes during no execution.
https://t.co/rR7FnuVvA8
🔗 https://github.com/janoglezcampos/DeathSleep
🐥 [ tweet ]
😈 [ DirectoryRanger, DirectoryRanger ]
Good series by @martinsohndk:
🔗 https://improsec.com/tech-blog/o83i79jgzk65bbwn1fwib1ela0rl2d
🔗 https://improsec.com/tech-blog/sid-filter-as-security-boundary-between-domains-part-2-known-ad-attacks-from-child-to-parent
🔗 https://improsec.com/tech-blog/sid-filter-as-security-boundary-between-domains-part-3-sid-filtering-explained
🔗 https://improsec.com/tech-blog/sid-filter-as-security-boundary-between-domains-part-4-bypass-sid-filtering-research
🔗 https://improsec.com/tech-blog/sid-filter-as-security-boundary-between-domains-part-5-golden-gmsa-trust-attack-from-child-to-parent
🔗 https://improsec.com/tech-blog/sid-filter-as-security-boundary-between-domains-part-6-schema-change-trust-attack-from-child-to-parent
🔗 https://improsec.com/tech-blog/sid-filter-as-security-boundary-between-domains-part-7-trust-account-attack-from-trusting-to-trusted
🐥 [ tweet ]
😈 [ ShitSecure, S3cur3Th1sSh1t ]
Really like the “Malware Dev” posts from @0xPat, good read for everyone interested in that topic. Especially good for the basics 👌🔥
https://t.co/iRl72r4yz9
🔗 https://0xpat.github.io/
🐥 [ tweet ]
😈 [ podalirius_, Podalirius ]
[#thread 🧵] This weekend I wrote a #tool to scan for @TheApacheTomcat server #vulnerabilities in networks. I've always dreamed to be able to retrieve the list of computers in a #Windows #domain and scan for vulnerable #Apache #Tomcats automatically! 🎉
https://t.co/EOWfTbFCRh
🔗 https://github.com/p0dalirius/ApacheTomcatScanner/
🐥 [ tweet ]
😈 [ mariuszbit, mgeeky | Mariusz Banach ]
Can confirm - a nice DLL side-loading against Defender's executable.
Step 1:
copy "%ProgramFiles%\Windows Defender\NisSrv.exe" C:\Users\Public
Step 2:
g++ --shared -o C:\Users\Public\mpclient.dll proxy.cpp
Step 3:
"%WinDir%\Users\Public\NisSrv.exe"
Tasty Initial Access 🔥
🐥 [ tweet ][ quote ]
😈 [ ORCA10K, ORCA ]
decided to build libraries to help in malware development, so far I've done only little, but here it is:
https://t.co/d0AfK2ypr0
🔗 https://github.com/MalwareApiLib/MalwareApiLibrary
🐥 [ tweet ]
😈 [ MDSecLabs, MDSec ]
"Fourteen Ways to Read the PID for the Local Security Authority Subsystem Service" - @modexpblog
presents some lesser known techniques for enumerating LSASS PIDs https://t.co/o7uzJpA0Iq
🔗 https://www.mdsec.co.uk/2022/08/fourteen-ways-to-read-the-pid-for-the-local-security-authority-subsystem-service-lsass/
🐥 [ tweet ]
😈 [ R0h1rr1m, Furkan Göksel ]
Another technique which is Call Stack Spoofing is in Nim right now! I developed the pure Nim version of the Call Stack Spoofing method thanks to @joehowwolf 's PoC and blogpost. You can find the repository below.
https://t.co/R7y34dQaYu
🔗 https://github.com/frkngksl/NimicStack
🐥 [ tweet ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]
[#HackTip ⚒] Such a tiny code snippet that can help you bypass some automatic sandbox detections ⏳
#maldev
🐥 [ tweet ]
😈 [ SemperisTech, Semperis ]
Privilege escalation is a prime tool for attackers to infiltrate your #ActiveDirectory--and from there, anything they want. Learn more about a vulnerability that can enable #cyberattackers to target AD Certificate Services and take over your domain. https://t.co/rwUp9tIiAn
🔗 https://www.semperis.com/blog/ad-vulnerability-cve-2022-26923/
🐥 [ tweet ]
😈 [ s4ntiago_p, S4ntiagoP ]
A small blogpost (and PoC) about creating Windows processes using syscalls 😊
https://t.co/P5isRGOnN7
🔗 https://www.coresecurity.com/core-labs/articles/creating-processes-using-system-calls
🐥 [ tweet ]
😈 [ _RastaMouse, Rasta Mouse ]
[BLOG]
Fun post on how to combine evilginx by @mrgretzky and BITB by @mrd0x.
https://t.co/8gShYwEyPY
🔗 https://rastamouse.me/evilginx-meet-bitb/
🐥 [ tweet ]
😈 [ MDSecLabs, MDSec ]
In part 3 of our "How I Met Your Beacon" series, @domchell analyses techniques to detect Brute Ratel https://t.co/4wNtM5mNH7 #brc4
🔗 https://www.mdsec.co.uk/2022/08/part-3-how-i-met-your-beacon-brute-ratel/
🐥 [ tweet ]
😈 [ last0x00, last ]
After a few weeks of development, I'm happy to share my new work: PersistenceSniper. It is a #Powershell module that allows #BlueTeams, #IncidentResponders and #Sysadmins to hunt persistences implanted in their Windows machines. Check it out!
https://t.co/oma0h8gFfF
🔗 https://github.com/last-byte/PersistenceSniper/
🐥 [ tweet ]
Forwarded from Ralf Hacker Channel (Ralf Hacker)
Thanks @snovvcrash, once again you posted solid material
https://habr.com/ru/company/angarasecurity/blog/680138/
#pentest #redteam #ad
Habr
Delegate Me Completely, or A New Look at RBCD Attacks in AD
"Abusing Kerberos resource-based constrained delegation": how much there is in that sound! More precisely, it is no longer just a sound, or even a phrase, but a whole class of offensive techniques in domain...
😈 [ praetorianlabs, Praetorian ]
Anatomy of an automotive security assessment that helps protect life and limb
https://t.co/cg7pAq5Luz
#automotivesecurity #carhacking
🔗 https://www.praetorian.com/blog/automotive-security-assessment-anatomy/
🐥 [ tweet ]
😈 [ chvancooten, Cas van Cooten ]
Very cool that Elastic published their EDR rules. Really builds confidence that their detections are actually worthwhile vs some other EDR vendors that seem to rely on frantically obscuring and limiting access to their product 👀
https://t.co/KBQZ03aOdV
🔗 https://github.com/elastic/protections-artifacts
🐥 [ tweet ][ quote ]
😈 [ ly4k_, Oliver Lyak ]
Certipy reached 1k stars on GitHub. Let’s celebrate with a brand new version, new research, a forked BloodHound GUI with ADCS support, and many new features, for instance Schannel authentication via LDAPS, SSPI authentication, and much more!
https://t.co/h85p3cCO1N
🔗 https://research.ifcr.dk/certipy-4-0-esc9-esc10-bloodhound-gui-new-authentication-and-request-methods-and-more-7237d88061f7
🐥 [ tweet ]
👹 [ snovvcrash, sn🥶vvcr💥sh ]
[#HackTip ⚒] A cool technique for initial AD access during a pentest. Got a Cisco IP Phone nearby? Congrats, you’re (almost) a domain user!
#pentest #ad #cisco
🔗 https://www.trustedsec.com/blog/seeyoucm-thief-exploiting-common-misconfigurations-in-cisco-phone-systems/
🔗 https://www.n00py.io/2022/01/unauthenticated-dumping-of-usernames-via-cisco-unified-call-manager-cucm/
🔗 https://github.com/llt4l/iCULeak.py
🐥 [ tweet ]